At Computex 2026, Jensen Huang unveiled the RTX Spark Superchip, a new Arm-based platform for laptops and desktops. It pairs a 20-core Arm CPU with a 6144-CUDA-core Blackwell GPU and up to 128GB of unified memory, designed to run agentic AI workloads locally on Windows. This marks NVIDIA's most aggressive push into personal computing hardware.
Taiwan's 500+ NVIDIA ecosystem partners are scaling production of Vera Rubin AI infrastructure, with over 1 million MGX rack components assembled across 25 factory sites. The full supply chain - from advanced packaging to liquid cooling to rack integration - is concentrated in Taiwan, making it the manufacturing backbone for the next generation of AI factories worldwide.
Device intelligence company Fingerprint launched a preview of AI Assistant Detection, giving businesses real-time visibility into traffic from major AI assistants including ChatGPT, Gemini, and Claude. As more web requests arrive without a browser, the tool addresses a growing detection gap where traditional bot detection methods fail to identify AI-generated traffic.
Under the federal budget's 'Rockfill Strategy', IT and telecom projects are classified as 'Sand' - the lowest tier costing under Rs. 1 billion. While physical infrastructure gets 'Rock' status, digital transformation projects remain chronically underfunded. The heavily brick-and-mortar bias in the PSDP means Pakistan's digital ambitions continue to be deprioritized despite stated goals.
The Senate Standing Committee on IT directed PTA to take steps to protect telecom infrastructure and signaled a possible amendment to the Essential Services Act. Mobile and internet services could be formally included alongside electricity and gas as protected essential services, a move that would provide legal backing against the frequent shutdowns that disrupt connectivity.
A proof-of-concept exploit has been released for the CIFSwitch flaw, a vulnerability that has existed in the Linux kernel for 19 years. The flaw allows low-privileged users to escalate to root on vulnerable systems. With PoC code now public, unpatched Linux servers and workstations face immediate risk of local privilege escalation attacks.
A malicious npm package named codexui-android, disguised as a remote web UI for OpenAI Codex, has been stealing authentication tokens from developers. The package attracted over 29,000 weekly downloads and is still available on npm. This joins the RedHat JavaScript client npm compromise reported this week, highlighting an accelerating trend of supply chain attacks targeting developer tools.
Research showed GPT-4 could autonomously exploit 87% of known CVEs when given descriptions. The previous safety margin - that AI couldn't discover vulnerabilities on its own - is eroding rapidly. Claude Mythos demonstrated that AI models can now chain vulnerability discovery with exploitation, compressing the window between disclosure and active exploit from days to hours.
Multiple npm packages maintained under Red Hat's javascript-clients repository have been compromised. The GitHub issue has attracted 157 points and 60 comments on Hacker News, reflecting the severity - Red Hat packages are widely used in enterprise environments. Combined with the OpenAI Codex npm attack, this marks a troubling week for JavaScript supply chain security.